cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

System Users

Go to solution
Former Member

on ‎01-13-2010 11:35 PM

0 Kudos

Hello experts,

I need a little clarification.

- There are the parameters of the MI Client: user, password and client (Mandt) for one user.

- Then there are user and password to access the Netweaver Administrator (for J2ee engine) and these should coincide with those above...

- Then I have a user (user, psw and client) to access all'Abab Engine through the SAP GUI, but this user is different from the above users

- Finally inside the R / 3 system there are other users and clients

1) I'm wondering if I use the same user for all four cases?That is the same user, psw and clients in all systems above?

Summarizing:

MI Client & J2ee engine -> user: j2ee*** , psw: admin***

Abap engine -> user: devel*** , psw: design***, client:100

System R/3 (back-end) none of the above users.

Regards, Gokhan

Edited by: dpns22 on Jan 14, 2010 12:35 AM

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎01-15-2010 9:06 PM
0 Kudos

Hi,

well, lets try to explain:

You have 3 different users, and these users can be the same, but do not necessarily have to!

You have a user on MI Client. This user has role MI_SYNC and this alows him to sync. But this user has no authorisation to connect to J2EE Engine or even middleware SAP Gui. Well, he can have, but he does not have to.

The Netweaver Admin user can connect to MI J2EE server but it is not onnected to the user above.

And so on - so each stept can have its own user.

Cause you connect form Middleware to backend by RFC, a mobile user is not necessarily available in the backend. Only if you setup RFC as trusted, you need to have this user available in backend - off course - but as a usual RFC with its own username/passwd the user in Middleware does not rwach the backend in a usual case.

Well, an admin user can and should have access to all things and so he should be able to do all.

But usual users - limit them as much down as possible, cause only this gives you a secure system. Otherwise users have ability to administer a server - really you do not want to do that.

Hope this helps!

Regards,

Oliver

Show replies
Show replies
Former Member
‎01-16-2010 7:02 PM
0 Kudos

Hi Oliver,

first thank you, your explanation is perfect!

But I still have a question that has not emerged from my question above....

1)just to clarify ... for MI_SYNC you refer to the role created on the server for the service user for synchronization? therefore Role Editor -> Creating Service Users.

2) What I ask is because users that I created in middleware (engine with SAPgui Ababa) does not find them in the UME Web AS Java?Doing research (*, data source =ABAP) I find the users DDIC, SAP *, J2EE_ADMIN etc.. but the UME does not see the service user that I created using the SAPgui. Or I did not understand anything ... or I miss something!

3) J2ee_admin that you use to administer the "J2EE" has as its data source = ABAP (in search results on UME), but foolishly I wonder why using transaction SU01 in the middleware (Abap with SAPgui) do not find it? If the source data is Abap I would expect to find the user in both the J2EE engine in Abap ... Maybe even here I do not understand!

I do not understand why users of the Java WAS and WAS Abap are not common if WAS Java + Abap WAS = WAS (at least that says the documentation ...), because then users DDIC, SAP * the J2EE sees them? while those that I create I do not?

very disconsolate: (

Regards, Gokhan

Former Member
‎01-16-2010 7:50 PM
0 Kudos

anyway my question above is only a question mark, the rest is quite clear ... the synchronization works.

Former Member
‎01-18-2010 8:58 PM
0 Kudos

Hi,

this issue you have is because you need to sync the user base between BAP and J2EE - but to be honest, I actually have forgotten how this really worked. It is just that you need to do that - but the sync is happening anyway against the ABAP server. - so usually it should be okay even if you do not see the user in JAVA WebAS.

Once I have access to a 7.0 server again I will check how this works and how the sync between the userbases is working fine.

Regards,

Oliver

Answers (1)

Answers (1)

Former Member
‎01-15-2010 4:52 AM
0 Kudos

Well, the mobile device is used to 'Log in' into your MI and download/upload data. So the user will exist on your MI system.

The user you log into the 'ABAP Engine' (I assume you are referring to the MI system again here) will also exist on the same system (with different rights this time, to allow for running relevant transactions).

The administrator will also exist on the same MI system (with the relevant role that allows for administration).

The backend system will typically have users corresponding to the user of each device. So that the user has data relevant for himself in the backend which he can download and change from the device.

=> Its the authorizations that probably make the difference.

An Admin will only use the NetWeaver Administrator and not have rights to log into the MI system via SAPGUI and use all transactions.

A developer may log in via SAPGUI and change code (for example)

A user only syncs (and has enough rights to only sync and probably no rights to log into SAPGUI)

This is why they are usually different. Because the people who generally perform these activities are different people with different roles.

If you log into your MI system via SAPGUI and open up SU01, you might see that all the users (admin, and device user included) exist on the MI system.

PS: Actually, I'm saying all this based on what I know of 7.1 (which is different architecturally), but I assume the above holds true for older versions because it makes sense to have it this way.

Edited by: Arjun Shankar on Jan 15, 2010 5:52 AM

Show replies
Show replies
Ask a Question